SnapComms Mobile App – SSO via SAML (Azure Identity Provider)
Download the SnapComms Content Manager’s Metadata
1. Go to App Management > Mac & Mobile Settings > change the authentication method to SAML Authentication, then ‘click to set up’ link.
2. From the SAML Configuration Page, click on the SnapComms Metadata URL
Configuring your Azure SAML Application (for testing)
- From the Azure Portal > Azure Active Directory > Enterprise Applications > click 'New Application' (select Non-gallery), assign an application name, then click the 'Add' button
From the Single sign-on menu > select SAML, click on 'Upload metadata file' (your Content Manager’s Metadata file).
Copy the App Federation Metadata URL, Azure AD Identifier, and download the Certificate (Base64)
5. Login to your Content Manager and go to App Management > Mac & Mobile Settings > enable select SAML Authentication, and click to set up. Under the ‘External Login Configuration’, enter the following values:
- Identity Provider ID: (paste the Azure AD Identifier value from Azure)
- Identity Provider Metadata: (paste the App Federation Metadata URL from Azure)
- SSO validation certificate: (upload the certificate downloaded from Azure)
Testing on the SnapComms Mobile App
- Download the SnapComms Mobile App
- Enter your Organization App Code (can be found from your Content Manager under App Management > Mac & Mobile Settings
- The Microsoft Login Interface appears, sign-in using your Microsoft credentials
1. Ensure that the user you want promoted to a Content Manager Administrator exists under the Users & Groups > Users page (the SnapComms App should’ve been installed for on a user’s machine) and that there is an email address associated with the user.
2. Go to Users & Groups > Groups > find the SSOAdminGroup and add the user in this group.
3. Logout of the Content Manager, and on the Login Page, click on the ‘Login with Company ID’ button, enter the email address of the user that was added to the SSOAdminGroup, you will be redirected to your SSO Login Page and if credential is correct, redirected back to the Content Manager. A new Content Manager Administrator found under the Management > Administrator section has been created at this point.